UNPKG

scrivito

Version:

Scrivito is a professional, yet easy to use SaaS Enterprise Content Management Service, built for digital agencies and medium to large businesses. It is completely maintenance-free, cost-effective, and has unprecedented performance and security.

www.scrivito.com

Scrivito/scrivito_sdk_js

90 lines (75 loc) 2.5 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
import { AuthorizationProvider } from 'scrivito_sdk/client'; import { VisitorSession, cmsRestApi } from 'scrivito_sdk/client/cms_rest_api'; import { PublicAuthentication } from 'scrivito_sdk/client/public_authentication'; import { Deferred, ScrivitoError, randomId, throwNextTick, } from 'scrivito_sdk/common'; /** * The VisitorAuthenticationProvider is responsible to provide the visitor * session to authenticate backend requests for a Scrivito configured with * visitor authentication. * * The visitor session is retrieved from backend using the id token that * the provider has received. Backend requests are delayed until the first * session response arrives. * * Responses of visitor session authenticated backend requests are monitored * if they indicate an expired session, and retried either with a fresh * visitor session or without authentication. */ export class VisitorAuthenticationProvider implements AuthorizationProvider { private readonly sessionId = randomId(); private idToken = new Deferred<string>(); private sessionRequest: Promise<VisitorSession>; private state = 'waiting for token'; constructor() { this.sessionRequest = this.fetchSession(); } setToken(token: string) { if (!this.idToken.isPending()) { this.idToken = new Deferred(); this.renewSession(); } this.idToken.resolve(token); this.state = `active - token: ${token.substr(0, 3)}...`; } currentState(): string { return this.state; } async authorize( request: (authorization: string | undefined) => Promise<Response> ): Promise<Response> { const sessionRequest = this.sessionRequest; let session: VisitorSession; try { session = await sessionRequest; } catch { return PublicAuthentication.authorize(request); } const response = await request(`Session ${session.token}`); if (response.status === 401) { if (this.sessionRequest === sessionRequest) this.renewSession(); return this.authorize(request); } return response; } private renewSession() { this.sessionRequest = this.fetchSession(); } private async fetchSession() { try { const token = await this.idToken; return await cmsRestApi.requestVisitorSession(this.sessionId, token); } catch (error) { throwNextTick( new ScrivitoError( `Failed to establish visitor session: ${(error as Error).message}` ) ); throw error; } } }